[Acme] ACME email validation

Brian Sipos <BSipos@rkf-eng.com> Thu, 18 June 2020 22:13 UTC

From: Brian Sipos <BSipos@rkf-eng.com>
To: "acme@ietf.org" <acme@ietf.org>
CC: "alexey.melnikov@isode.com" <alexey.melnikov@isode.com>
Date: Thu, 18 Jun 2020 22:12:56 +0000
Message-ID: <MN2PR13MB3567F3E0995E58C4CDCF8CCE9F9B0@MN2PR13MB3567.namprd13.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/SuecrBTotHGuwPvwxD47zNGvZkA>
Subject: [Acme] ACME email validation

All,
In a recent draft I created for using ACME for non-web-PKI verification [1] I see that there are many similarities with an earlier draft for email verification [2]. In that email protocol, the challenge token is split into two parts which arrive at the email validation agent through two paths: token-part1 via the validation channel, and token-part2 via the ACME channel.
Is there a technical reason why the token is split into two parts like this? Is replying with the proper corresponding Key Authorization not sufficient to prove ownership of the email address?
I don't see any similar challenge token splitting in other ACME drafts and I don't see anything obvious in [2] to indicate why the split is useful or needed. I also didn't see any related discussion earlier on the ACME mailing list.
Thank you,
Brian S.

[1] https://datatracker.ietf.org/doc/html/draft-sipos-acme-dtnnodeid-00
[2] https://datatracker.ietf.org/doc/html/draft-ietf-acme-email-smime-08
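The two-channel token assembly the message describes, worked through as an added example (not code from the post or from either draft). It assumes the full token is the ordered concatenation of token-part1 and token-part2, that the key authorization follows the usual ACME form token || "." || base64url(JWK thumbprint), and that the emailed reply carries base64url(SHA-256(keyAuthorization)); the token parts and the JWK coordinates are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values, not taken from the draft or the post.
# token-part1 arrives via the validation channel (the challenge email);
# token-part2 arrives via the ACME channel (the challenge object).
TOKEN_PART1 = "9ZwYNmKQ4q3eS1tNvhVZeg"   # constructed
TOKEN_PART2 = "K7pVq2HxLr1cT8yW6dFnbA"   # constructed

# Constructed EC public JWK; x/y are placeholders, not a real key. The RFC 7638
# thumbprint only hashes the canonical JSON members, so no key math is needed.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "placeholder-x", "y": "placeholder-y"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: required members only, lexicographic order, no whitespace, SHA-256.
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def assemble_token(part1: str, part2: str) -> str:
    # Assumption: the challenge token is the ordered concatenation of the two parts.
    return part1 + part2


def key_authorization(token: str, jwk: dict) -> str:
    return token + "." + jwk_thumbprint(jwk)


def email_response(part1: str, part2: str, jwk: dict) -> str:
    # Assumption: the reply email carries base64url(SHA-256(keyAuthorization)).
    ka = key_authorization(assemble_token(part1, part2), jwk)
    return b64url(hashlib.sha256(ka.encode("ascii")).digest())


def server_validates(reply_value: str, part1: str, part2: str, jwk: dict) -> bool:
    # CA side: it issued both parts and holds the account JWK, so it recomputes
    # the expected reply and compares in constant time.
    expected = email_response(part1, part2, jwk)
    return hmac.compare_digest(reply_value, expected)
```

A party that has seen only one of the two parts (only the mailbox, or only the ACME account) produces a reply the server rejects, which is the property the split token is built around.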